New Office, New Network. Questions.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Jul 13 18:53:55 UTC 2016


On Tue, 12 Jul 2016 15:30:11 +0300, Nikolai Petrov said:

> Is there any way to limit the amount of devices in a subnet to avoid problems
> and attacks? I don't think the equipment will work with 2^64 devices in a
> single subnet..

Sure. Just don't connect that many devices to one subnet, just the same as you
do in IPv4. No need to drop them all into one subnet. You got a /56, so you can
make 256 /64s out of it.  Carve it up whatever way your cabling says to do it.
Maybe one subnet for your external router to all your in-building switches,
then each switch has a subnet for one floor/office suite/whatever and 1
interface on your organization-wide fabric.  Maybe something else - but in
general you'll be using a subnet everyplace you'd use one in IPv4.

> So why are these addresses there? For installations not connected to the Internet?

Exactly.  It's an attempt to avoid the current mess during corporate acquisitions
where they find out that both companies used 10.16.12.0/24 for different things.

> Is there a reason you use DHCPv6 and SLAAC? Is it for compatibility?

My laptop works just fine at both home and work just using SLAAC - I hit both
mostly to make sure that if I'm travelling and hit someplace where the routers
don't do SLAAC, I'll still configure.

And as I noted, I do it at least partially to stress-test for stuff like
network logging tools, to make sure they don't fall over if they see an address
that isn't either SLAAC or DHCPv6, and so on...

> Can I use the DHCPv4 to give out DNSv6 addresses?

No. You'll need to use either SLAAC or DHCPv6 for that.
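The /56-into-/64s carving described in the message above, as an added example that is not part of the original post: it assigns one /64 per named segment and maps an observed address back to its segment, which is what a logging or monitoring tool needs to do. The site prefix (from the 2001:db8::/32 documentation range), the segment names, and the function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (documentation prefix, hypothetical segment names).
SITE = "2001:db8:1200::/56"
SEGMENTS = ["uplink", "floor-1", "floor-2", "floor-3"]


def carve(site_prefix, segments):
    """Assign one /64 per named segment, in order, out of site_prefix."""
    site = ipaddress.IPv6Network(site_prefix, strict=True)
    if site.prefixlen > 64:
        raise ValueError("site prefix is longer than /64")
    available = 2 ** (64 - site.prefixlen)  # a /56 yields 256 /64s
    if len(set(segments)) != len(segments):
        raise ValueError("duplicate segment name")
    if len(segments) > available:
        raise ValueError(
            f"{len(segments)} segments requested, only {available} /64s available"
        )
    subnets = site.subnets(new_prefix=64)  # lazy generator, lowest /64 first
    return {name: next(subnets) for name in segments}


def segment_of(plan, address):
    """Return the segment name whose /64 contains address, or None."""
    addr = ipaddress.IPv6Address(address)
    for name, net in plan.items():
        if addr in net:
            return name
    return None


def unassigned_count(site_prefix, plan):
    """Number of /64s in the site prefix not yet assigned to a segment."""
    site = ipaddress.IPv6Network(site_prefix, strict=True)
    return 2 ** (64 - site.prefixlen) - len(plan)


if __name__ == "__main__":
    plan = carve(SITE, SEGMENTS)
    for name, net in plan.items():
        print(f"{name:8} {net}")
    print("unassigned /64s:", unassigned_count(SITE, plan))
    # An address inside the /56 but in no assigned /64 maps to None,
    # which is worth flagging in logs rather than silently accepting.
    for a in ("2001:db8:1200:2:a00:27ff:fe12:3456", "2001:db8:1200:9::1"):
        print(a, "->", segment_of(plan, a))
```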
